Retrieving Permissions granted to Roles

When looking closely at Roles, these are just subsets of the entire rights or Permissions available that have assigned a name for easier identification. This chapter describes, how the Permissions assigned to a Role can be retrieved.


Hint: The execution of these examples requires a connected PowerShell drive.

First the Role-object of the Role in question has to be retrieved - this is done via the Get-EmdbRole-cmdlet. Afterwards, the objects associated with this Role can be enumerated using the GetAssociatedItems()-method. The following example uses the Role "Packaging Manager":

$MyRole = Get-EmdbRole "Packaging Manager"


The commands above return an array of Permission-, User- and External-Group-objects. In order to filter the Permission-objects in question, the Where-Object-cmdlet can be used:

$MyRole.GetAssociatedItems() | Where-Object {$_.Type -eq "Right"}

Alternatively, the Permissions associated with a Role can be retrieved through calling the GetAssociatedItems()-method using the argument "RolePermissions":


Hint: the argument RoleTasks used in previous versions, can't be used with DSM 2014.1 and above.

Note: Note that Role-objects are not part of the context rootDSE and therefore they can be referenced without a full qualified path resp. an absolute path.